Security Requirements Engineering for Evolving Software Systems: A Survey

Authors

  • Armstrong Nhlabatsi
  • Bashar Nuseibeh
  • Yijun Yu
Abstract

Long-lived software systems often undergo evolution over an extended period. Evolution of these systems is inevitable as they need to continue to satisfy changing business needs, new regulations and standards, and introduction of novel technologies. Such evolution may involve changes that add, remove, or modify features; or that migrate the system from one operating platform to another. These changes may result in requirements that were satisfied in a previous release of a system not being satisfied in subsequent versions. When evolutionary changes violate security requirements, a system may be left vulnerable to attacks. In this paper we review current approaches to security requirements engineering and conclude that they lack explicit support for managing the effects of software evolution. We then suggest that a cross fertilisation of the areas of software evolution and security engineering would address the problem of maintaining compliance to security requirements of software systems as they evolve.

DOI: 10.4018/978-1-4666-1580-9.ch007

Similar resources

Towards Maintaining Long-Living Information Systems by Incorporating Security Knowledge

Modern information systems are increasingly complex and need to operate in evolving environments. As a consequence, systems must co-evolve to keep up-to-date with their environments. This is especially important for security properties, since changes and patches tend to compromise them. We propose a security assessment approach for natural language requirements for systematic co-evolution. Our e...

Maintaining Security Requirements of Software Systems Using Evolving Crosscutting Dependencies

Affiliations: (1) Centre for Research in Computing, The Open University, United Kingdom; (2) Lero – The Irish Software Engineering Research Centre, Ireland.

Abstract: Security requirements are concerned with protecting assets of a system from harm. Implemented as code aspects to weave protection mechanisms into the system, security requirements need to be validated when changes are made to the programs during syste...

Special issue: The future of software engineering for security and privacy

The scale of misuse of mission-critical assets manipulated by computer-based systems has increased, because of their worldwide accessibility through the Internet and the automation of systems. Security is concerned with the prevention of such misuse. The systematic development of software that considers security risks and threats explicitly is increasingly recognized as critical to improving ov...

Survey on Security Measures of Software Requirement Engineering

Software engineering is concerned with the wide use of engineering principles to achieve cost-effective software with the potential to function on real machines. Requirement engineering in software development is more crucial. Everyone agrees that security is difficult. The requirements engineering principles are framed based on an idea that would engage the community in overcoming complex problems. Securi...

A framework to support selection of cloud providers based on security and privacy requirements

Cloud Computing is an evolving paradigm that is radically changing the way humans store, share and access their digital files. Despite the many benefits, such as the introduction of a rapid elastic resource pool, and on-demand service, the paradigm also creates challenges for both users and providers. In particular, there are issues related to security and privacy, such as unauthorized access, ...

Journal title:
  • IJSSE

Volume 1  Issue 

Pages  -

Publication date 2010